UK Police Cracking Down on Broadband Theft

dubculture writes "A 39 year-old man in West London was arrested for dishonestly obtaining free internet access" from an unsecured wireless router nearby. The article discusses a couple of other cases, including one where a fine of £500 (~US$1000) was handed out for, essentially, taking advantage of someone else's inability (read: apathy) towards securing their home network."

No problem

[lukesky321]

I have an unsecure network, and I really don't care if anyone uses it as long as nothing illegal is performed.

Re:No problem

[absoluteflatness]

Which is obviously why these charges must be based on some kind of complaint or cooperation from the owner of the access point. There's really no way for the police to tell you're doing anything wrong if you're just on a wireless connection of some kind.

That being said, the owner of the access point is entirely within their rights to both improperly secure it, and to attempt to pursue those who improperly use it. The analogy of the home with the door left open applies somewhat well here.

Re:No problem

[iamacat]

The intention of access point owner must be known to the user ahead of time. If the network is completely unsecured, it should be assumed that it's public access. If it is secured, however improperly - 40 bit WEP password of "welcome", mac check, hidden network id - access is illegal without explicit consent of the owner. If you build a water fountain standing in the open, don't be surprised if people drink.

Re:No problem

[YrWrstNtmr]

The subtleties of "stealing" wireless access, would, in my mind, require the owner to somehow make the user aware that their use was not acceptable before any charges could be brought.

I would think it should be the other way around. Do not use unless you know for sure that you are allowed. An SSID of "UseThisWiFi" or similar.
A bicycle unattended in my front yard is not express permission for you to take it. A sign that says "Free bike" is.

It's not yours to use without express permission.

Re:No problem

[irc.goatse.cx+troll]

If those two had anything to do with eachother, maybe. until then lets stick to the actual facts instead of trying to apply something simple that anyone on slashdot should already understand to something 'more basic' that just complicates things.

It's an open AP. Theres plenty of them ran by people like me who wish to share their internet access to those nearby who need to bum a quick connection.

You using my open AP doesn't "steal" anything from me. Most of my bandwidth goes unused anyways, and if I wanted to use it QoS gives it to me when I need it. Admittedly most standard routers arnt configured that way, but most standard users dont care.

Really the question is how is this guy supposed to know that the Open access point ISN'T for public use? Theres nothing indicating that. SSID isn't something private sounding (probably 'linksys'), theres no password, no encryption, no mac limitation, no vpn forcing routing.. NOTHING to indicate that it isnt for public use.

Too complicated for you? Heres a worthless analogy that at least applies. It's like if I was at your business in the lobby and grabbed the phone you had in the waiting room and made a call. Maybe it was for employees/customers only, maybe it wasnt, no sign was around to tell me one way or the other and when I picked it up it worked without any hassle.

Re:No problem

[BillyBlaze]

Other than the bicycle analogy, why should we assume the default state is "I don't want you using my WiFi"?

If we must use analogies, let's keep it in the realm of computers. Running an open WiFi is like running a public web server - even if the url isn't use-this-webserver.example.com, we still assume you intend for people to connect to it. In other words, there's nothing magical about express permission - there are lots of things you can do by convention. Since this is a new legal area, we have a choice which convention to choose.

Besides that argument, there are other advantages to assuming it's open unless secured. You're less likely to be arrested just for hanging around somewhere with your laptop. We don't have to waste public funds arresting you unless the owner complains. And we all get more free WiFi.

Re:No problem

[LarsG]

I know people like the 'open door' analogy, but let's see what's really happening here.

Laptop: Hey, can I connect to you?
Access Point: Sure.
Laptop: Can I get an IP address, too?
Access Point: Sure.

That's more the equivalent of having a guard at your door saying 'please come in' to anyone passing by.

Unless AP answers no to those requests, how is Laptop to know that it is unauthorized? Heck, Windows will even autoconnect to an open AP; should we sue MS for aiding and abetting?

It should be the AP owners responsibility to set up the AP so that connecting to it requires authorization.

just because someone doesn't know about such things, doesn't mean it's morally right to use up their internet quota.

That's more an issue of AP manufacturers not properly edumacating their customers. The first page in the manual should explain this and the first screen in the setup wizard should include a 'allow anyone access yes/no'.

Re:No problem

[SL+Baur]

A bicycle unattended in my front yard is not express permission for you to take it. I left an unlocked bicycle unattended in my front yard in Tokyo for over two years hoping someone needy would take it (I lived near a woman's university and I truly didn't understand Tokyo at the time) but no one did. It's Japan, so the bicycle is probably still sitting there unlocked even though I moved away 4 1/2 years ago. Not enough other dang gaijin in that neighborhood I suppose. (Bicycle theft is epidemic in places like Tsukuba where there are a higher percentage of foreigners).

Japan is the place where you can buy a bag of CDs, accidentally leave them in a nearby ATM and then later pick them up from the nearest koban where someone dropped them off after they saw you left it behind. I didn't do that, but I witnessed it. Can you imagine the same kind of thing happening in the US? I can't, I'm a native american.

A coworker in Japan was telling me about the time she visited New York with her husband and after buying some things went to a restaurant, left her bags at the table and went away for a moment. In Japan, Nothing Happens when you do things like that, but that was New York and the bags were stolen.

On another occasion when I was living in Tokyo, but working in Kobe (about 5 hours by train after you factor in the local trains) I accidentally left my apartment unlocked for an entire week unattended. Nothing Happened.

The US isn't civilized and hasn't been for a long time. If you look away, you should have the expectation that whatever it was you're not looking at will disappear, because it will. And no, I'm not happy about saying this. I used to love living in California and the USA. It wasn't so many years ago that it used to be safe to leave a car with the keys inside (remember the "lock your car, take your keys" ad campaign?).

So yes, I admire your sentiments, but anywhere outside of the best places in Japan, I've never seen them in practice. I've never been to the UK, but I presume they have worse problems than the US given all the surveillance cameras they've felt the need to install in recent years.

Re:No problem

[FireFury03]

I have a water tap in my front yard... should you assume that, without asking, you have a right to plug a hose up to it and use as much water as possible?

If you have a sprinkler in your front garden, and it's over-spraying onto my garden, should I be arrested for "stealing" your water?

Re:the opposing viewpoint

[TheLazySci-FiAuthor]

If someone leaves a hose running into the street is it wrong to take some of that water?

Preemptive Strike

[Anubis350]

Before anyone starts in with the "if the door is open, you can't go into someones house anyway" argument, I'm going to point out that most laptops these days auto connect to open connections, or at least do a popup that if the avg user isn't paying attention will connect them when they hit enter. Just like with property, than when rights aren't enforced long enough when people walk on it, it becomes public use land, the same is true of the wireless network. people leaving their networks with SSID broadcast no security is *not* the equivalent of an open, unlocked door on a residence, it's the equivalent of laying out all your stuff in the middle of the street with a sign that says "please take", or at least a path through their land that they never gated and never shooed anyone off of, it's for the public use at that point.

Re:Preemptive Strike

[Angst+Badger]

All these analogies are pointless anyway. If the local legislature enacts a statute imposing a fine for unauthorized access to an unsecured network, and you get caught doing it, you can be fined. It doesn't matter in the least what network access is "like". Network access could be like skiing down the Swiss Alps or biting into a Peppermint Patty for all that it matters. We're not talking about a law regulating access to land being imaginatively applied to network access. We're talking about a law explicitly regulating network access.

And yes, people should secure their networks if they don't want to deal with casual intruders. But people should also stop taking advantage of the ignorance of other people, too.

Re:Preemptive Strike

[jfengel]

But we're Slashdotters! We only know how to reason by analogy.

Holding a Slashdot argument without using a flurry of conflicting and dubious analogies is like a car with brakes only on its left wheels... no, wait, it's like a door with a lock that accepts puns as an answer... no, it's like...

If it's illegal to use an unsecured wifi network..

[tuxlove]

...then why do hardware manufacturers design their products to automatically join unsecured networks by default? You could get cited simply for buying a laptop and turning it on. Some unsecured networks actually are intended to be used freely. How are you supposed to tell?

Seems to me that the law should clearly state the legal difference between an "open" and "closed" wifi network, presumably with password protection being the key difference.

Completely wrong paradigm

[teutonic_leech]

Bandwidth should be ubiquitous - as usual we are letting our fears drive our policies. I completely understand that the authorities want to be able to pinpoint who's using their connection to download child p0rn, send messages to known terrorist organizations, steal credit cards, or send spam. But the reality of it all is that the 'bad boys' already know how to protect themselves and how to obfuscate their identity. Add to this that 90% of all computers connected to the Internet are virus and trojan ridden (i.e. running Windows). So, this whole push to penalize people for using Internet connections wherever they are available is tantamount to the RIAA's effort to curb the proliferation of digital media, which thus far has proven to be an exercise in futility (since digital media inherently wants to be copied since it [most] always produces identical copies).

I see a huge opportunity here for some entity to encourage and drive the proliferation of [low cost] ubiquitous Internet access. Obviously in some way or fashion the wireless and mobile industries are working towards that goal, but it's far from being universally available. Again, the wrong paradim is being applied - we should encourage bandwidth to be used, not prevent others from accessing it. If I am able to share my bandwidth with my neighbors, and vice versa - we all win in the end and enjoy higher QoS. Also, the more we spread out the last 100 feet Internet access points the more efficient we are using our infrastructure as a whole. I know this sounds anarchistic to some extent, but right now we are moving into the exact opposite of the spectrum: bandwidth scaling, packet filtering, access restrictions wherever you turn. Is this how we imagined the Internet to turn into? If we let this trend continue, how is it going to wind up 10 or 20 years from now? Are we all going to be monitored/analyzed/profiled and at the same time 'herded' into tightly controlled pipes managed by large consolidated corporate monopolies? I hope WiMax will come to the rescue at some time - it's been promised for a long time and the roll out has been extremely slow.

Ego

[Bane1998]

'inability (read: apathy)' is editorializing. Which, fine, that happens on slashdot. But the idea that people have that 'if the damn users would just learn aboud WEP versus WPA, duh' is moronic. People USE computers, and may not know every detail or security concept, and they shouldn't have to. We 'techno elite' should provide the simple tools to work with confusing concepts. And we should default to good security. Which is not always possible, if you want your product to just work with the rest of yoru network.

But blaming the users and callign them apathetic? Get over yourself. Not everyone should have to or needs to know dirty security details or how to configure their router. If you MUST sustain your ego by blaming someone you can call an idiot, at least blame 'The Geek Squad' or whatever other support people set up the layman's network. Not the layman.

Unauthorized use?

[Jorgandar]

Rubbish law. When you log into a network, so long as you're not hacking it, you politely ask the router "may i use this network and have an IP address?". The router says "yes", on behalf of you, the owner. Therefore it is authorized.

Its NOT the same as leaving your front door open in your house, or your car unlocked.

It IS the same as leaving your front door open in your house, having a visitor stop at the door and ask "may I come in?" and you replying "yes". You can't then turn around and sue for trespassing.

-J

Deeply flawed

[Daimanta]

This metaphore is deeply flawed. It doesn't contain any cars.

"Dishonestly obtaining free internet access..." ?

[Jeremy_Bee]

Given the circumstances of the arrest and the description of the law, there is no way this is (or should be considered) an illegal act.

If the fellow was wealthy enough to this to a high court, or possibly the European court, they would win hands down and the law would be struck off the books. As an English person myself I can tell you that the UK has a strong propensity for these kinds of knee-jerk fascist laws that often stay on the books for years both because of the tendency of the average Brit to knuckle under to the cops and because rich people are rarely charged with such offences.

The law (as described in the article), says that "Dishonestly obtaining free internet access..." was the crime. Yet it's a long established legal principle that merely adding the word "dishonest" in front of something does not actually make it a crime. You can't just say that driving a car is alright but "dishonestly driving a car" is a crime. This is patent nonsense.

The crime should be correctly defined as "stealing broadband access," and stealing requires both knowledge of wrong-doing and an intent to deprive the victim at a bare minimum.

There is no deprivation here, and nothing has been lost. The man in question seemed to have no way of knowing that the owner of the broadband connection did not want people to access it. Some people have wireless and leave it open on purpose. I know at least four of my neighbors do this.

To top it all off, when the police saw him sitting on the wall and asked him what he was doing, he freely admitted it and apparently didn't see anything wrong with the practice. A good argument could be made that he was "Honestly obtaining free internet access" and not being dishonest at all.

Unless there are facts not in evidence in this story, like the broadband being secured with a password, there simply is no crime here at all. Unfortunately the way the justice system is both in the UK and in North America, this unjust, ridiculous law will hang around bothering people for ages before someone with enough political power or money decides they are tired of it.

Re:Unsecured AP ~= Open AP

[spoco2]

"If you're too stupid, you shouldn't be using the technology that's obviously over your head."

What a fine, understanding attitude you have.
A: "WiFi is such a convenient tech, it makes doing all these networked things much easier."
B: "I know, I just got a wireless router, plugged it in at home and it's so great to be able to use my laptop anywhere around the home"
A: "You did set WEP encryption didn't you?"
B: "Wha?"
A: "And MAC filtering of course?"
B: "Who the?"
A: "And I suppose you just turned off SSID broadcasting as well?"
B: "What language are you speaking sir?"
A: "You incompetent f*cking idiot... give me that access point... you have no right to use it!"

I mean really, you expect just everyone to know how to use the technology completely? It's confusing, but shouldn't be. I have no problem with it, you have no problem with it... but my wife would know a MAC address if she fell over it, should she not be using the wireless access at home then?

I'd be getting down off that high horse unless you know the intimate workings of everything you use from day to day. Just because you don't understand how everything works with something, doesn't mean you shouldn't be allowed to use it. It means that the creators of said product need to make it easier to use safely.

Re:"Dishonestly obtaining free internet access..."

[janrinok]

The crime should be correctly defined as "stealing broadband access," and stealing requires both knowledge of wrong-doing and an intent to deprive the victim at a bare minimum. There is no deprivation here, and nothing has been lost. The man in question seemed to have no way of knowing that the owner of the broadband connection did not want people to access it.

I am also British but I do not agree with your analysis. Firstly, because "Dishonestly obtaining free internet access is an offence under the Communications Act 2003 and a potential breach of the Computer Misuse Act." The offence is specifically stated in the law as it is currently written, although not using that particular phrase. The use of the word 'dishonest' does not make a law valid, but it is the correct usage to indicate that a crime is believed to have been committed when the charge is being written. After all and as you have pointed out, without the word dishonest then it appears that there has been no crime. Unfortunately, TFA has not used the specific wording from the act but has quoted what the individual has been charged with. The case could, I suppose, fail on this technicality but I suspect that the judge will accept it. Secondly, any unauthorised use of someone's computer equipment, which includes a network, is covered by the Computer Misuse Act. If the owner has not given specific permission as required by this Act, then an offence has been committed. Of course, we will not know until the court case is heard whether the owner had given such permission but the accused did admit to "using the owner's unsecured wireless internet connection without permission" so it looks quite likely that the Act was contravened. Thirdly, if the ISP account allows x Mbs to be downloaded and this individual was downloading y Mbs, then deprivation of that bandwidth did take place. Whether the owner would have noticed it is not relevant in law. Just because you are not driving your car at any particular time does not give me the authority to drive it. Furthermore, if the account was capped, then the legal user of the network has also been deprived of a specific amount of data that now cannot be downloaded during the relevant download period. Fourthly, you might leave your network open and free to all users but, unless you have advertised it as such, then no-one can use your network without your 'specific permission'. That is why airports have the signs announcing that a wifi is available. It is the legal authority for others to use it. Simply leaving it unsecured does not fulfil this requirement as far as I understand it. The law in the UK, rightly or wrongly, does not accept that an open network implicitly grants permission for anyone to use it. You might like it to be so but it is not currently what the law believes to be a correct interpretation of the appropriate Acts. The police have reasonable grounds for suspicion that the law has been contravened and have thus acted appropriately.

Despite my analysis, the judge may decide that there is insufficient evidence here to prove guilt beyond all reasonable doubt or there may be, as you have already acknowledged, further facts that have not been included in TFA. We will all have to wait to see whether the judge or CPS (although I do not think that they will be asked for a judgement in this case) thinks that the police acted correctly and whether the case leads anywhere. Regardless, the outcome could well clear up any misunderstandings that might currently exist as to what it, and what is not, permitted by law in UK with regard to unsecured networks.

Finally, I do not agree that this is an 'unjust' law - but IANAL. It addresses a specific problem, in fact a series of problems, and I personally support it. The title of TFA is, in the usual Slashdot fashion, a gross exaggeration of the truth - a single person has been charged, there is hardly a 'crackdown' on broadband theft.